What do you do with your old credit card when the new one arrives? Do you drop it on the street? I don't think so. How about advertising it on eBay? - One old credit card - expiry date nearly over - no longer needed by current owner - going cheap.

How about that new copy of your customer list that the marketing people have been promising you for the last 6 months? When it finally arrives so you can use it at the trade show you're exhibiting at - do you just throw the old one in the trash?

ILM (Information Life cycle Management) became a fashionable term in storage circles about 5 years ago. Like most marketing buzz words - the ILM hype was focused on whatever the vendors were selling at the time. ILM ISVs were mainly selling themselves to bigger storage companies... with a company lifecycle which didn't include much more time than writing a few press releases about the ver 1.0 release before the money from the VC in the wall machines was spent.

But beneath the surface glitter of acronyms there are some useful concepts in ILM which are still relevant today.

What happens to your data when the storage media it is stored on gets too old?

The afterlife for things like disk drives
and RAID systems is not something that most of us think about much. It's not the
glamorous end of the storage market.

In the home market maybe your old PCs are stored in the garage. It's a myth that you can give them to the kids. In my experience - the kids always demand and get the newest fastest PCs - much more powerful than the ones that we use at work. Most of your old PCs were probably still working when you stopped using them. Maybe that means your old email accounts and bookmarks work too. How long would it take someone to try asking the main online banks to email your password details to your old machine? Even if your old PC stopped working and you threw it out - the disk drives can be recycled by environmentally friendly agencies who do deals with your garbage collection company.

In the corporate and government markets - recycling is done wholesale. When new PCs are bought the old ones are traded in or disposed of to brokers hundreds or thousands of machines at a time. Someone else is taking care of the problem for you. Or are they?

There's a lot of evidence from security companies like Pointsec that a worryingly high percentage of second hand / refurbished hard disk drives bought on the open market still have readable data.

Yes they were "wiped"
clean by commercially available utilities.

Yes the disks were reformatted.

But both processes are undoable in a matter of seconds.
Many disk wipe utilities are simply that - useful utilities that make it hard
for you to see the data on your disk drive. But unless they follow algorithms
used by the military, the files they cover up can be easily read by data
recovery software.
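
The point above can be checked on a disk image: a quick reformat typically clears only the filesystem's bookkeeping, while the file contents stay where they were until something overwrites them. The following is an added example, not part of the original article; the "disk" is a constructed toy layout (block 0 is the file index, the other blocks hold data), not a real filesystem, and all function names are illustrative.

```python
# Added illustration: why a reformat is not a wipe, and how to verify one.
# Toy layout (an assumption for this example): block 0 = index, rest = data.
import os

BLOCK = 512


def make_disk(files, blocks=16):
    """Build an image: index in block 0, each file's bytes in its own block."""
    disk = bytearray(BLOCK * blocks)
    index = []
    for n, (name, data) in enumerate(files.items(), start=1):
        disk[n * BLOCK:n * BLOCK + len(data)] = data
        index.append(f"{name}:{n}:{len(data)}")
    entry = ";".join(index).encode()
    disk[0:len(entry)] = entry
    return disk


def quick_format(disk):
    """What a reformat does in this model: clear the index, leave data alone."""
    disk[0:BLOCK] = bytes(BLOCK)


def overwrite_all(disk, passes=1):
    """Sanitize: overwrite every block, finishing with a zero pass."""
    for _ in range(passes - 1):
        disk[:] = os.urandom(len(disk))
    disk[:] = bytes(len(disk))


def residual_blocks(disk):
    """Verification scan: block numbers that still contain non-zero bytes."""
    return [i for i in range(len(disk) // BLOCK)
            if any(disk[i * BLOCK:(i + 1) * BLOCK])]


def carve(disk, marker):
    """What recovery software does: ignore the index, search raw blocks."""
    pos = disk.find(marker)
    return None if pos < 0 else pos // BLOCK


# Constructed sample data, not real records.
SAMPLE = {"customers.csv": b"name,card\nA. Example,0000-0000",
          "mail.txt": b"Subject: password reset"}

if __name__ == "__main__":
    d = make_disk(SAMPLE)
    quick_format(d)
    print("after reformat :", residual_blocks(d), carve(d, b"password"))
    overwrite_all(d, passes=3)
    print("after overwrite:", residual_blocks(d), carve(d, b"password"))
```

On a real drive the equivalent check is run against a read-only image of the sanitized device, and any block that still holds data means the wipe did not do its job.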

There are 3 common types of product and service
which address the Disk Sanitizer market.

software - useful for using on one machine or a low
number of machines.

hardware - which wipes a batch of disks clean at
hardware speeds - and is useful if you're recycling hundreds of drives.

services - which mechanically break the disks into fragments which are considered too small for criminals to do anything with. (Although a good data recovery company or your intelligence agency may still be able to read files from a 1 inch fragment of a broken disk drive).

The best approach for you to take with
maintaining your own data privacy depends on your own situation. But just as you
wouldn't throw your old credit card onto the street - think about what's
happening to those old disk drives next time you buy a new PC, server or RAID
system. And make sure that your broker - if you use one - is using a product
which actually works.


Pointsec found that
they were able to read 7 out of 10 hard-drives bought over the Internet
at auctions such as eBay, for less than the cost of a McDonald's meal, all of
which had "supposedly" been "wiped-clean" or "re-formatted".


When Disk Sanitizing Won't Do the Job

Editor:- July 13, 2005 - Just thought I should mention
on this page that there's one situation in which disk sanitizers won't
protect your valuable identity or other confidential info no matter how
smart the software.

This warning thought was triggered by my own
recent experience in which a hard disk I was using for backup failed in the
write mode - but its contents (the old backups) were still readable. In that
case the only way to ensure that no one else can steal your data is physical
destruction.

I was helped out in this by Sam, the 11 year old son of some college friends who were visiting. We took the disk drive out to the back of the barn and Sam sanitized it using a combination of sledge hammer and log splitter. The disk platter, bent, split and shiny but no longer readable, was saved as something he was going to save on his wall as a memento of the experience.

We sanitized a 486 PC tower after that - which is one of
about a dozen old PCs we have been wondering what to do with and storing in a
shed. That had two disk drives - so Sam's younger brother (6) was able to get in
on the act and sanitize one for himself too.

You can never be too young
to learn the importance of data security - or how to wield a large ax safely
for chopping firewood. These are important things to know. But readers should
not try this themselves without the supervision of an experienced log slayer.


Did You Know?

Disk Sanitizers are entirely different to Telephone Sanitisers. If you were looking for the story of the Golgafrinchan Telephone Sanitisers in the Hitchhiker's Guide to the Galaxy see the BBC's Hitchhiker's cult page.

The need for fast and
secure data erase - in which vital parts of a flash SSD or its data are
destroyed in seconds - has always been a requirement in military projects.

Although many industrial SSD vendors offer products with extended "rugged" operating environment capabilities - and even notebook SSDs come with encryption - it's the availability of fast destructive data purge which differentiates "truly secure" SSDs which can be deployed in sensitive applications.

Who makes these SSDs? How do they work? And what are the characteristics and limitations of the various methods used? Click on the link above to find out more in my special article / directory about fast purge SSDs.


I thought to myself how many years is it since I set up a dedicated SSD fast erase / purge page? - I checked. It started in 2009. (This is one of the joys and frustrations of the web. Frustration - that you can't find stuff which has been around for a long time - because it gets drowned by social chit chat. Joy - in knowing that there must be a lot more readers out there who also care about the same problems.)

Anyway - what I said to Simon was - "There is a double digit list of standards by defence and government agencies which cover various use cases and whether the drive is desired to be redeployed for another project or not. The purpose of extreme autonomous SSD purge is to destroy enough critical chips in the encrypted SSD so that if it falls into the wrong hands (captured by enemy) then the SSD data will remain immune to the best efforts of forensic data recovery. That's just one reason why DR and security agencies intersect and are mutually aware. But as DR gets better then sanitisation has to advance too (best way being destruction of the chips)."

Anyway Simon - whose company does Onsite Physical Destruction of HDDs and SSDs in Australia - pointed me towards an interesting video - re Mobile Data Destruction which shows the type of thing his company does. It's on YouTube which means that many of you won't be able to see it right now if you're viewing this at work.

So I'll describe what happens...

The video shows a van which arrives at your site and delivers via a conveyor
belt all the drives you want shredded - presumably while one of your security
people watches it happening. (You'd have to verify the exact design and chutes
etc yourself obviously to satisfy yourself there are no magical trap doors - or
maybe you could just rent the facility. It depends on your own circumstances.)

That prompted me to realize that it had been about 2005 when I had last written much about the disk sanitization services and equipment business (as opposed to autonomous drive purge) because in a way - once you know what needs to be done - what more can you say about it? But maybe that page could do with a refresh - which is why I'm writing this.

We are much more sensitive and vigilant about environmental
impacts nowadays (2018) compared to the start of my own career (1977) when
many of the industries which paid the wages of our local communities and
where our friends and neighbors and customers worked were inevitably sometimes
spilling stuff into the sky, ground and water.

So I said - Hi
Simon - I forgot to ask this... how is the shredded material from the sanitized
drives processed? I mean the cost from an environmental hazard point of view?

Simon said - 0 to land fill. (And then he gave me a list of who
reprocesses what afterwards - which you can find out more about on his web
site.)

Editor's comments:- I'm guessing that wherever you live you might be interested in the possibilities opened up by a mobile service like this.

My own modest needs in this category have always been simply
managed by the expedient of a log splitter or ax - but I'm only smashing one
drive each season or less. Some of the kids of family friends have made
artworks out of the little chunks of smashed up drives and mangled chips.

Small dusty grains are less artistic but better from the security angle.

Fusion-io can do secure erase in less than 60 seconds

Editor:- September 15, 2011 - Fusion-io today announced that its new SureErase data sanitization tool has been confirmed as meeting Department of Defense sanitization standards by the Defense Information Systems Agency.

SureErase
enables users to securely remove/erase all data on any ioMemory-based
technology, following DoD/NIST standards, regardless of capacity, in less than 1
minute.

Editor's comments:- although that sounds like a long time - relative to fast purge SSDs (and it is too long for some applications) nevertheless when you take into account that many of Fusion-io's PCIe SSDs have multi-terabyte capacities - it's impressive.

Did encrypted HDDs choke the sanitizer market?

It's easy to be wise after the event - but I see now that the rapid industry take up of FDE (full disk encryption) may have been a factor in capping the size of the disk sanitizers market. I thought that market would be a lot bigger by now.

The base unit is designed for 3.5" drives, but an optional
$105 kit converts it over to 2.5" operation. Duplication speed is
approximately 40MB/s. As an introductory promotion Aleratec is offering a free
3 way PATA disk duplicator to customers who buy the 5 way model this month.

Sun Enters the Disk Sanitizer Market

Sun Data Protection
Services, Data Erasure, is a new on-site service to help enable customers to
remain compliant with internal corporate data erasure policies during the
removal, redeployment or relocation of equipment containing sensitive data. The
service also empowers customers to become compliant with the ever increasing
policies of regulatory agencies for the removal or destruction of data, by
providing a global, audit-ready solution that erases data at the platter level.
Sun has been using the same data erasure service internally to prepare company
assets for reassignment and redeployment.

Drew Hughes, technical
program manager at Sun Microsystems said - "When we work with a government
client to transfer equipment from one resource to another, we use the Data
Protection Services Erasure to ensure that our services team has no data
compromise."

Industry research (from IDC) indicates that most midsize to large corporations replace about 25% to 33% of their IT equipment on an annual basis. Each event in the equipment life cycle can expose sensitive corporate or customer data to possible breach or compromise.

Royal Bank of Scotland's Customer List Sold on eBay

This is the 2nd major data security story to hit the headlines in less than a week. The earlier case involved the loss of UK police records containing data for thousands of criminals.

The prisoner records are still missing, but the bank customers in today's story can breathe a sigh of relief that the purchaser of the unsanitized disk was an honest citizen.

Aleratec's Disk Sanitizer gets Military Citation

"We are very proud to be recognized for our developments by Military Embedded Systems Magazine" said Perry Solomon, President and CEO of Aleratec. "...We made the HDD Cruiser the complete tool, it can also make exact duplicate copies of hard drives to expedite setting up new PCs or recycling old drives with new site licensed operating systems and standard applications which is particularly useful when drives have already been used and need to be set up for a new project."

WiebeTech's Low Cost Disk eRazer

The standard model (price
$99.95) can erase a 250GB drive in under 2 hours. Operation is easy. Simply
connect it to a drive and flip a switch.

"As many people discover too late, trashing a file does not erase it from a hard drive," said James Wiebe, president/CEO of WiebeTech. "It is fairly easy for someone else to recover files from used hard drives. As a test, we bought used drives on eBay and recovered everything from corporate data to email conversations to financial data to legal documents. Drive eRazer is the easiest, most economical solution available to prevent others from seeing your files."

This Email will Self Destruct in 72 Hours

One patent addresses a self-destructing document or email messaging
system that automatically destroys documents after a predetermined period of
time.

Another Lot in the Data Storage category, which includes a
substantial portfolio of U.S. patents, generally relates to data storage
devices, disk drives, and other aspects of storing digital information by
magnetic and optical data storage technologies.

With 5 different deletion methods complying with recognized international standards, the user can create individual configurations, adapted to each scenario. The deletion methods differ from each other in the number and the way data is actually overwritten. As well as the standard deletion procedures of US DoD and German BSI, users can also select the Gutmann Method, which meets the highest possible security criteria and overwrites data up to 35 times. The full version costs EUR 29.90.

Hard Drive Cleanser Wipes Vista

"Acronis Drive Cleanser has been honored on multiple occasions as the best disk wiping application on the market," said Walter Scott, CEO of Acronis. "The addition of Vista support means that now users of virtually all versions of the desktop Windows OS can, with complete confidence, delete the data from any partition or the entire hard disk and know the data will never, ever be resurrected for purposes such as industrial espionage or identity theft. The product is used by corporate customers and consumers to wipe an old hard disk before it is disposed of or repurposed as additional storage."

Blancco Offers Nonprofit ORGs Free Disk Wipes

Each nonprofit organization with 501c3 designation will be entitled to 500 Blancco licenses. Like commercial enterprises, nonprofits face a critical challenge when they want to recycle, resell, or reuse obsolete computers: the data remaining on the hard drives need to be professionally wiped in order to maximize data security and prevent data leaks or identity theft. The software is operated from a central server, so users do not need to install the software on each computer prior to data wiping. It is designed not only for PCs and laptops but also for servers with several hard drives.

Thumbs Up for Mainframe Disk Sanitizer from Down Under

The product is an effective, economical solution for industries that require fast and secure removal of magnetically recorded data from hard disk drives, removable disks and backup tapes. The Fujitsu Mag EraSURE family of products utilizes a rare earth permanent magnet to degauss magnetically recorded information. Data becomes permanently unrecoverable by commercial means once exposed to the powerful magnet in the device. In addition to purging recorded information on the storage device, including servo and calibration data, the degausser also destroys most read/write heads.

A key feature of the Fujitsu Mag EraSURE is its
user friendly operation. Users simply insert the drive into the degausser and
push the button; the device handles the rest. It can operate 24x7 with no-wait
duty cycle and accepts a wide variety of media:- hard disk drives - up to 3.5"
and 1.6" height and floppy, Zip, Rev and Jazz media. Also backup tapes:-
SDLT, DLT, LTO/LTO2, DAT, TRAVAN, AIT, QIC, 8mm. The Mag EraSURE P2V is priced
at $13,500.

What do you do with your old credit card when the new one arrives?

Do you toss it out the window? (And rely on the weather and time to biodegrade it.)